ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Post-last-call status of the S/MIME examples draft

2003-05-23 12:29:04
from [Paul Hoffman / IMC] [Permanent Link]
Greetings again. Here's my collected notes from the WG mailing list, the smime-examples mailing list, and off-list mail. I summarize at the end. 

====================

4. Trivial Examples

4.1 ContentInfo with Data type, BER
  John Pawling: tested OK.
  Jim Schaad: tested OK.

4.2 ContentInfo with Data type, DER
  John Pawling: tested OK.
  Jim Schaad: tested OK.

5.  Signed-data
  Jim Schaad pointed out that many examples had the
    signatureAlgorithm of 1.2.840.10040.4.1 (dsa) but it should instead
    be 1.2.840.10040.4.3 (dsaWithSha1).
  The general decision was that the examples should have dsaWithSha1.
  John Pawling and Sue Beauchamp at DigitalNet agreed to re-generate
    the examples.

5.1 Basic signed content, DSS
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
    signatureAlgorithm is dsa but should be dsaWithSha1
  Sue Beauchamp sent new example file.

5.2 Basic signed content, RSA
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: tested OK.

5.3 Basic signed content, detached content
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
        Contains Alice's RSA certificate
        No content hint unsigned attribute
    signatureAlgorithm is dsa but should be dsaWithSha1
  Sue Beauchamp sent new example file.

5.4 Fancier signed content
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Sue Beauchamp sent new example file.

5.5 All RSA signed message
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: tested OK.

5.6 Multiple signers
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
    signatureAlgorithm is dsa but should be dsaWithSha1
  Sue Beauchamp sent new example file.

5.7 Signing using SKI
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
    signatureAlgorithm is dsa but should be dsaWithSha1
  Sue Beauchamp sent new example file.

5.8 S/MIME multipart/signed message
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.

5.9 S/MIME application/pkcs7-mime signed message
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.

5.10 SignedData With Attributes
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.
  Jim Schaad: failed.
        Change "unknown OID" to "unknown OID (1.2.5555)"
        Content Hint should have an OID of 1.2.840.113549.1.7.1
        Content Identifier attribute absent
        Contains Security Label attribute
        Contains encrypt key preference attribute
        Contains ML Expansion History attribute
        Contains Equivalent Label attribute

5.11 SignedData with Certificates Only
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.

6.  Enveloped-data

6.1 Basic encrypted content, TripleDES and DH
  John Pawling: tested OK.

6.2 Basic encrypted content, TripleDES and RSA
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.

6.3 Basic encrypted content, RC2/40 and RSA
  Blake Ramsdell: this is actually a 128-bit key.
  Jeff Jacoby: confirmed Blake's assertion.
  Paul Hoffman: thinks we could just change the title of the example.
  John Pawling: tested OK.
  Blake Ramsdell: tested OK.

6.4 Encrypted content, two recipients, no shared keying material
  John Pawling: tested OK but noted unsuccessful Invalid tag for
    privateKeyInfo for second login.

6.5 Encrypted content, two recipients, shared keying material
  John Pawling: could not test due to bug in his code.

6.6 Encrypted content, TripleDES and DH, previously-distributed keys
  John Pawling: tested OK.

6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys
  John Pawling: tested OK.

6.8 S/MIME application/pkcs7-mime encrypted message
  John Pawling: tested OK.

6.9 EnvelopedData with All Recipient Types
  John Pawling: tested OK.

6.10 EnvelopedData with KARI RC2 Encryption
  John Pawling: tested OK.

6.11 EnvelopedData with KEK 3DES Encryption
  John Pawling: tested OK.

7. Digested-data
  Blake Ramsdell: tested OK.

8. Encrypted-data

8.1 Simple EncryptedData
  Blake Ramsdell: tested OK.

8.2 EncryptedData with unprotected attributes

9. Authenticated-data
  There are still no examples in this section.

10. Key Wrapping
  John Pawling: tested OK.

10.1 Wrapping RC2
  John Pawling: tested OK.

10.2 Wrapping TripleDES
  John Pawling: tested OK.

11. ESS Examples

11.1 ReceiptRequest
  John Pawling: test failed, has sent new example file.

11.2 Receipt
  John Pawling: test failed, has sent new example file.

11.3 eSSSecurityLabel
  John Pawling: tested OK.

11.4 EquivalentLabels
  John Pawling: tested OK.

11.5 mlExpansionHistory
  John Pawling: tested OK.

11.6 SigningCertificate
  John Pawling: tested OK.

====================
Everything has been tested by at least one person *except* "8.2 EncryptedData with unprotected attributes". If no ones tests this, we will probably get rid of it. Can anyone whose software handles EncryptedData please test example 8.2 and let me and/or the list know the results?
All examples that had test failures have been re-submitted to my by the DigitalNet folks *except* 5.10, which Jim Schaad had a lot of problems with. Could someone generate a new example of 5.10? It would be valuable to have it in the document. 

--Paul Hoffman, Director
--Internet Mail Consortium
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Input to content-encryption process in CMS, Jim Schaad
Next by Date:  RE: Post-last-call status of the S/MIME examples draft, Jim Schaad
Previous by Thread:  Input to content-encryption process in CMS, luciano . medina
Next by Thread:  RE: Post-last-call status of the S/MIME examples draft, Jim Schaad
Indexes:  [Date] [Thread] [Top] [All Lists]